Using Web Proxies Module: ZAP replacer trouble - User-Agent

Hi. First time poster here, so apologies if this is not in the correct category.

I am currently working through the ‘Bug Bounty Hunter’ path. I am on the ‘Using web proxies’ module, specifically, the ‘Automatic Modification’ section within the module.

This section shows you how to automatically modify your user agent using Burp Suite and ZAP. I am attempting to use ZAP as I already have some familiarity with Burp Suite and ZAP seems to be a good choice going forward as it is open source and has several of the paid features that Burp Suite offers.

I’m not stuck on a particular question, I am simply trying to follow along with the module, but I cannot seem to get the user agent to change.

I feel like I am following the steps but there must be something I am missing or doing wrong. If anybody has any advice it would be much appreciated.

Below is a screenshot of my replacement rule within ZAP Replacer. I would have provided more screenshots but as I am a new forum member, I can only embed one.

My Replacement Rule

The steps I have taken are below:

  • Opened Zap, started a new session, and opened Replacer options.
  • Add new rule using the options in the screenshot above, click save, and Ok.
  • Open the integrated browser in ZAP and turn on the break requests option.
  • Navigate to the IP provided by HTB for the ‘Ping your IP’ webpage.
  • Go back to ZAP and view the captured ‘Break’ in the top right viewer (or stay on the web page and look at it in the ZAP HUD, both result in no change to user agent).
  • Hit ‘Submit and continue to next Breakpoint’ button a few times to make sure I was looking at the correct response, the user agent still remained the same.

If you need any additional information, please just ask, I don’t want to make this post super long by including every step I have tried to rectify the issue, but here are a few things I have tried;

  • Restarted ZAP
  • Tried changing ‘request header’ to ‘request header (string)’ & used ‘^User-Agent.*$’ instead of the drop down option
  • Tried with ‘Match regex’ box checked and unchecked
  • Disabled and enabled the rule
  • Removed rule & recreated
  • Attempted to navigate to several different websites as well as the ‘Ping your IP’ webpage provided by HTB
  • apt update & apt upgrade
  • Restarted laptop

I am hoping this is something simple that I have overlooked but I am struggling to find it, could be a case of not being able to see the forest for the trees but who knows!? Hopefully one of you guys!

Also, I forgot to mention that during my troubleshooting steps, I restarted the application after every change to make sure it was a fresh session and was not retaining any of the changed settings. Thanks in advance for any help.

Have you tried reloading the page with cache reset CTRL+SHIFT+R ?

Not sure if it’s a cache issue

Hi, sorry for the delayed reply and thank you for responding. I think I tried that earlier but I wasn’t sure, so I have just tested again. Still the same result unfortunately.

The next step in the module is to create another replace rule for the response body, changing the ‘type=number’ string, to ‘type=text’, and then it asks you to do the same for ‘maxlength=3’ to ‘maxlength=100’.

I set up the rules for both of them and they work absolutely fine, so I don’t know if this helps, but now I’m even more confused…